Docker Desktop < 4.41.0 Access Control

🗓️ 05 May 2025 00:00:00Reported by TenableType

Docker Desktop versions before 4.41.0 have access control vulnerabilities affecting registry access.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-4095	29 Apr 202518:12	–	circl
CNNVD	Docker Registry Access Management 安全漏洞	29 Apr 202500:00	–	cnnvd
CVE	CVE-2025-4095	29 Apr 202517:16	–	cve
Cvelist	CVE-2025-4095 Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile	29 Apr 202517:16	–	cvelist
EUVD	EUVD-2025-12619	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4095	29 Apr 202518:15	–	nvd
Positive Technologies	PT-2025-18194 · Docker · Docker Desktop	29 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4095	1 May 202517:21	–	redhatcve
The Hacker News	⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors	5 May 202511:29	–	thn
Vulnrichment	CVE-2025-4095 Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile	29 Apr 202517:16	–	vulnrichment

Source	Link
docs	www.docs.docker.com/desktop/release-notes/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(235122);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/05");

  script_cve_id("CVE-2025-4095");
  script_cwe_id(862);

  script_name(english:"Docker Desktop < 4.41.0 Access Control");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by an access control vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Docker Desktop for Mac is prior to 4.41.0. It is therefore affected by an access control vulnerability.
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers 
to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM 
policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially 
malicious images from any registry.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://docs.docker.com/desktop/release-notes/#4411");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Docker Desktop version 4.41.0 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-4095");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:docker:docker");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("docker_for_mac_installed.nbin");
  script_require_keys("installed_sw/Docker", "MacOSX/packages/sys_profiler");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product':{'name': 'Docker', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [{'fixed_version':'4.41.0'}]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

05 May 2025 00:00Current

8.6High risk

Vulners AI Score8.6

CVSS 44.3

EPSS0.00119

SSVC